
1/31/2020
04:15 PM

What It's Like to Be a CISO: Check Point Security Leader Weighs In

Jony Fischbein shares the concerns and practices that are top-of-mind in his daily work leading security at Check Point Software.

Check Point Software CISO Jony Fischbein has a lot on his plate. Like many CISOs, he juggles the security of multiple corporate departments with thousands of employees, all of whom possess different personalities, security requirements, and potential risk factors.

"A lot of these departments … they want to drive to the same place, but they have different needs," said Fischbein in a keynote at this week's CPX 360 conference, in New Orleans. Each day he is tasked with making decisions to secure these departments and each of their employees, while also tackling his overall goal and greatest challenge in being a CISO: enabling business processes.

Tackling this challenge starts with addressing human-based issues. "People are the biggest asset and the biggest weakness in any organization," Fischbein said. "Engage them wisely."

This means knowing how employees can aid your defenses and, more importantly, which people you need to protect against. The first group includes overmotivated employees. "These employees will do stuff because they just want to promote the business," he explained, but they often do this by downloading tools and applications not sanctioned by the IT department. "Shadow IT," or the use of software without the business's consent, presents security issues.

While eager employees pose a risk, unhappy ones are considerably more dangerous. "These are the No. 1 people who will hurt the company," Fischbein added. Angry workers who are motivated to cause damage can use their access to steal contacts and code and expose internal data. "These problems are relevant to everyone," he said, noting that for every 1,000 employees, chances are five to 15 are unhappy. They may face penalties, he continued, but many unhappy employees forget about the contracts they signed when they started the job.

Cybercriminals and nation-states are the other two groups causing concern for Fischbein. As an example, he cited recent concerns of retaliation and potential cyberattacks from Iran in early January. "We have to immediately make sure our SOC was up-to-date," he said of the response. "All IP addresses from Iran are going to be immediately blocked, no questions asked."

The talk dove into two examples of how CISOs can help enable business processes. The first, he said, is embracing the cloud and supporting the business's ability to use it. In the past year, Check Point's IT teams have worked in cloud environments and developed directly on them. One of their accounts is forbidden to be exposed to the Internet. In case something is accidentally exposed, the team introduced a mitigation through which the incident is logged and sent to the SOC.

"The No. 1 topic that I believe is the reason for hacks or breaches in the cloud is misconfiguration," said Fischbein.

Understanding security incidents is a second example of how the CISO can support the business. It's essential to treat incidents well and thoroughly, said Fischbein, and it's equally important to not be surprised or panic when a breach hits. Be sure you know which teams will be involved in response and the steps they will take in investigating and mitigating the threat.

"What is key during the incident is to try to [record] lessons learned during that incident," he emphasized. "A month later you will not remember what happened."

Fischbein also spoke to the use of automation, which he believes will allow security teams to survive the challenges of today and the future. "All security pros, such as myself, have to open the gates to third-party solutions. We have an automated process to vet the new technologies we will connect to our systems, so [they] will be rapid and secure."

With respect to Check Point's own product line, he called himself "customer zero" for all of the company's tools.


Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...
